On Fri, Sep 2, 2016 at 8:11 AM, Richard Wang <rich...@wosign.com> wrote:
> Yes, we posted all 2015 issued SSL from WoSign trusted root.
> On 2 Sep 2016, at 22:55, Peter Bowen <pzbo...@gmail.com> wrote:
>> Based on CT logs, I have seen certificates from the CAs below, all of
>> which have "WoSign" in the name.  Have you logged all certificates
>> which are signed by these CAs and have a notBefore date of
>> 20150101000000Z or later to the WoSign CT log?


It seems then there is a newly exposed bug.
shows a certificate issued by your CA that has a notBefore in March
2015.  It does not appear in the CT log.  However another certificate
with identical serial number and subject, but different Validity, does
appear in the log.

Are you aware of a bug where you were issuing certificates identical
except for validity period?

dev-security-policy mailing list

Reply via email to